yankeeLeon

  1. How does this openssh container avoid the "chroot" before ssh authentication?

     I tried to create a container from an Ubuntu 18.04 base image and install openssh-server inside the container so that I can ssh into the container. However, my seccomp rule does not allow the syscall "chroot", and I get this error log from /var/log/auth.log:

     fatal: chroot("/run/sshd"): Operation not permitted [preauth]

     This error indicates that ssh-server tries to run "chroot" before authentication (the ssh client log shows "connection reset" before authentication) but failed because of a permission issue.

     I also tried the openssh container image without providing "chroot" in seccomp, but I had no issue. I accessed the openssh container as root and tried to manually run "chroot", and I have no permission to do that. This tells me that the ssh-server inside the openssh container does not run "chroot" when establishing the connection.

     1. Why does openssh-server try to chroot to /run/sshd inside the Ubuntu container? This "chroot" before authentication is different from the "chroot" that could be run after authentication and can be configured inside the /etc/ssh/sshd_config file.
     2. What is the change that the ssh-server inside the openssh container has made to avoid using "chroot"?

     Thanks